Application Security Terminology

Glossary

HTTP Request Splitting

HTTP Request Splitting is an attack that forces the browser to send arbitrary HTTP requests, resulting in Cross-Site Scripting (XSS) and poisoning of the browser's cache. The attacker attempts to insert additional HTTP requests into the body of the original (enveloping) HTTP request, so that the browser treats the result as one request while the web server interprets it as two.

The essence of the HTTP Request Splitting attack is that, once the victim’s browser has been forced to load the attacker’s malicious HTML page, the attacker can manipulate one of the browser’s functions into sending two HTTP requests instead of one.
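
The one-request-versus-two mismatch described above can be checked for before a request is serialized. The following is an added example, not code from this glossary: it compares a serializer that does no validation with one that rejects CR/LF in request fields. All function names, the sample requests, and the choice of a header value as the field carrying the extra bytes are assumptions made for illustration.

```javascript
// Added example; every name and sample value is constructed.
const CRLF = /[\r\n]/;

// Return the request fields that contain CR or LF and must be rejected.
function findSplittingFields(req) {
  const bad = [];
  if (CRLF.test(req.method)) bad.push("method");
  if (CRLF.test(req.url)) bad.push("url");
  for (const [name, value] of Object.entries(req.headers || {})) {
    if (CRLF.test(name) || CRLF.test(value)) bad.push(`header:${name}`);
  }
  return bad;
}

// Stand-in for a client function that writes fields to the wire unchecked.
function serializeUnchecked(req) {
  const lines = [`${req.method} ${req.url} HTTP/1.1`];
  for (const [name, value] of Object.entries(req.headers || {})) {
    lines.push(`${name}: ${value}`);
  }
  return lines.join("\r\n") + "\r\n\r\n";
}

// Hardened form: refuse to serialize when any field carries CR or LF.
function serializeChecked(req) {
  const bad = findSplittingFields(req);
  if (bad.length) throw new Error(`CR/LF in request fields: ${bad.join(", ")}`);
  return serializeUnchecked(req);
}

// Count the requests a server would parse from the stream (bodiless requests only).
function countServerRequests(raw) {
  let count = 0;
  for (const head of raw.split("\r\n\r\n")) {
    if (/^[A-Z]+ \S+ HTTP\/1\.[01]$/.test(head.split("\r\n")[0])) count++;
  }
  return count;
}

// Constructed samples: the caller intends exactly one request in both cases.
const benign = { method: "GET", url: "/a", headers: { Host: "example.test", "X-Note": "hello" } };
const tainted = { method: "GET", url: "/a", headers: { Host: "example.test",
  "X-Note": "x\r\n\r\nGET /b HTTP/1.1\r\nHost: example.test" } };

console.log("benign :", countServerRequests(serializeUnchecked(benign)), findSplittingFields(benign));
console.log("tainted:", countServerRequests(serializeUnchecked(tainted)), findSplittingFields(tainted));
```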